In today's business environment, many systems communicate over digital networks such as company intranets and the Internet. When these systems are used, the security of communications between parties is always a concern. Secure communication is typically achieved by establishing a secure channel through which data can be passed.
A digital certificate can be used to establish a secure communication channel. A digital certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity (i.e., information such as the name of a person or an organization, or an address). The certificate can be used to verify that a public key belongs to an individual or organization.
A certificate typically includes the public key being signed; a name, which can refer to a person, a computer or an organization; a validity period; the location (a uniform resource locator, or URL) of a revocation center; and the digital signature of the certificate, produced with a certificate authority's private key.
The certificate authority or certification authority is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. A certificate authority issues digital certificates, each of which contains the public key of a public and private key pair. The certificate authority also attests that the public key contained in the certificate belongs to the person, organization, server or other entity named in the certificate. A certificate authority's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the certificate authority's certificates. Examples of certificate authorities include organizations such as VeriSign, Comodo and Entrust.
Large organizations can find themselves managing tens of thousands of digital certificates every year. Each of these digital certificates has a lifecycle that includes a request for the certificate, authorization to use the certificate, management and use of the certificate, expiration of the certificate, and the request of a replacement certificate. Management of the lifecycles is further complicated by the fact that certificates typically expire a year after they are issued, with the issuance of certificates occurring on a continuous rolling basis. Managing tens of thousands of certificates that are expiring on a rolling basis is an arduous and complex task.
A typical problem with such certificate management is the difficulty of managing the certificates manually. This is because requests for certificates, the related authorizations and the distribution of the certificates are typically accomplished via a series of e-mail exchanges performed in an ad hoc manner. Such management of certificates can lead to a lack of accountability and a lack of appropriate escalation when the intended recipient of a certificate does not respond to an e-mail communication.
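The lifecycle and escalation problem described above can be made concrete with a small inventory model. The following Python example is added here for illustration and is not part of the original document or of the system it goes on to describe; the record fields (subject, owner, expiry date, renewal-request date, acknowledgement flag), the 30-day renewal window, the 7-day response SLA and the sample inventory are all constructed assumptions. It classifies each certificate into a lifecycle state as of a given date and derives the follow-up actions (renewal request, escalation, replacement) that an ad hoc e-mail process tends to lose track of.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Lifecycle states, named after the stages described above (assumed labels).
ACTIVE = "active"                         # valid and outside the renewal window
RENEWAL_DUE = "renewal_due"               # inside the window, no renewal request sent yet
AWAITING_RESPONSE = "awaiting_response"   # request sent, owner silent, SLA not yet breached
ESCALATE = "escalate"                     # request sent, owner silent beyond the SLA
IN_PROGRESS = "renewal_in_progress"       # owner acknowledged; replacement being issued
EXPIRED = "expired"                       # validity period has ended


@dataclass
class CertRecord:
    """One inventory entry (constructed fields; not a parsed X.509 certificate)."""
    subject: str
    owner: str                                    # person accountable for the renewal
    not_after: date                               # end of the validity period (inclusive)
    renewal_requested_on: Optional[date] = None   # date the renewal request e-mail went out
    renewal_acknowledged: bool = False            # owner has responded to the request


def classify(rec: CertRecord, today: date,
             renewal_window_days: int = 30, response_sla_days: int = 7) -> str:
    """Map a record to its lifecycle state as of `today`."""
    if today > rec.not_after:
        return EXPIRED
    days_left = (rec.not_after - today).days
    if days_left > renewal_window_days:
        return ACTIVE
    if rec.renewal_requested_on is None:
        return RENEWAL_DUE
    if rec.renewal_acknowledged:
        return IN_PROGRESS
    if (today - rec.renewal_requested_on).days > response_sla_days:
        return ESCALATE
    return AWAITING_RESPONSE


def inventory_report(records: List[CertRecord], today: date) -> Dict[str, List[str]]:
    """Group subjects by state so each queue is visible and accountable."""
    states = (ACTIVE, RENEWAL_DUE, AWAITING_RESPONSE, ESCALATE, IN_PROGRESS, EXPIRED)
    report: Dict[str, List[str]] = {s: [] for s in states}
    for rec in records:
        report[classify(rec, today)].append(rec.subject)
    for subjects in report.values():
        subjects.sort()
    return report


def next_actions(records: List[CertRecord], today: date) -> List[str]:
    """Derive the follow-ups the rolling expiry schedule requires on this date."""
    actions: List[str] = []
    for rec in records:
        state = classify(rec, today)
        if state == RENEWAL_DUE:
            actions.append(f"send renewal request for {rec.subject} to {rec.owner}")
        elif state == ESCALATE:
            actions.append(f"escalate {rec.subject}: {rec.owner} has not responded "
                           f"to the request sent {rec.renewal_requested_on.isoformat()}")
        elif state == EXPIRED:
            actions.append(f"URGENT: {rec.subject} expired {rec.not_after.isoformat()}; "
                           f"request a replacement certificate")
    return actions


# Constructed sample inventory and reference date used for the demonstration.
TODAY = date(2024, 6, 1)
SAMPLE = [
    CertRecord("www.example.test", "alice", date(2025, 3, 1)),
    CertRecord("mail.example.test", "bob", date(2024, 6, 20)),
    CertRecord("vpn.example.test", "carol", date(2024, 6, 25), date(2024, 5, 15)),
    CertRecord("api.example.test", "dave", date(2024, 6, 28), date(2024, 5, 28)),
    CertRecord("old.example.test", "erin", date(2024, 5, 20)),
    CertRecord("db.example.test", "frank", date(2024, 6, 15), date(2024, 5, 20), True),
]

if __name__ == "__main__":
    for state, subjects in inventory_report(SAMPLE, TODAY).items():
        print(f"{state:>20}: {subjects}")
    for action in next_actions(SAMPLE, TODAY):
        print(action)
```

Running the report daily against the full inventory, rather than waiting for someone to notice an unanswered e-mail, is what turns the rolling expiry schedule into explicit queues: the `escalate` queue is the accountability gap the text describes, and the `expired` queue should normally be empty.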
Thus, there is a need for an improved system and method for managing digital certificates within an organization.